<?php 
/* If you use an older version (< Dec 3, 2008) of Yubico validatation server,
 * all secrets in the db were not encrypted.
 * 
 * This is a command line tool used to encrypt all secrets in DB.

 % php enc_secrets.php

 To use it, copy it to its parent dir (..), then run it.

 ** Never run this util twice, it will corrupt the database **
 
*/

require_once 'appinclude.php';
require_once 'yubi_lib.php';

// Enc all API keys
$stmt = 'SELECT id,secret FROM clients';
$r = query($stmt);
$i = $j = 0;
while ($row=mysql_fetch_assoc($r)) {	
	$id = $row['id'];
	$stmt = 'UPDATE clients SET secret='.mysql_quote(aesEncrypt($row['secret'])).
		' WHERE id='.$id;
	if (query($stmt)) 
		$i++;
	else 
		$j++;
}
mysql_free_result($r);
echo $i." clients updated\n".
	$j." client failed\n";

// Enc all Yubikey seeds
$stmt = 'SELECT id,secret FROM yubikeys';
$r = query($stmt);
$i = $j = 0;
while ($row=mysql_fetch_assoc($r)) {	
	$id = $row['id'];
	$stmt = 'UPDATE yubikeys SET secret='.mysql_quote(aesEncrypt($row['secret'])).
		' WHERE id='.$id;
	if (query($stmt)) 
		$i++;
	else 
		$j++;
}
mysql_free_result($r);
echo $i." yubikeys updated\n".
	$j." yubikeys failed\n";
?>
